CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2023-41444
https://notcve.org/view.php?id=CVE-2023-41444
An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. Un problema en Binalyze IREC.sys v.3.11.0 y anteriores permite a un atacante local ejecutar código arbitrario y escalar privilegios a través de la función fun_1400084d0 en el controlador IREC.sys. • https://blog.dru1d.ninja/windows-driver-exploit-development-irec-sys-a5eb45093945 https://gist.github.com/dru1d-foofus/1af21179f253879f101c3a8d4f718bf0 https://github.com/magicsword-io/LOLDrivers/blob/main/yaml/d74fdf19-b4b0-4ec2-9c29-4213b064138b.yml • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-44157
https://notcve.org/view.php?id=CVE-2023-44157
Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-3956 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42122 – Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42122
Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-23-1479 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-43320 – Proxmox VE 7.4-1 TOTP Brute Force
https://notcve.org/view.php?id=CVE-2023-43320
An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component. • http://packetstormsecurity.com/files/176967/Proxmox-VE-7.4-1-TOTP-Brute-Force.html https://bugzilla.proxmox.com/show_bug.cgi?id=4579 https://bugzilla.proxmox.com/show_bug.cgi?id=4584 https://github.com/proxmox/proxmox-rs/commit/50b793db8d3421bbfe2bce060a486263f18a90cb •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42124 – Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42124
This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code outside the sandbox at medium integrity. ... This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. ... This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code outside the sandbox at medium integrity. • https://www.zerodayinitiative.com/advisories/ZDI-23-1474 • CWE-863: Incorrect Authorization •